1. Field of the Invention
This invention relates to networked window systems and, more particularly, to a method and apparatus for rendering the X Window System more secure.
2. History of the Prior Art
Arranging individual computer work stations in a network is desirable for a number of reasons. Such an arrangement allows a number of different individuals to work together on the same piece of work. It allows the sharing of high cost computer assets such as printers, character readers, central memory and other resources which might be under-utilized by individuals operating individual work stations. Windowing systems, on the other hand, are desirable for both individual work stations and networks because they allow users to run a number of processes essentially simultaneously whether by time sharing a single central processing unit or by utilizing a plurality of processors to implement individual processes. Window arrangements provide, in effect, a plurality of displays appearing together or separately on an individual computer output display, each such display or window displaying one of a number of what may be simultaneously operating applications.
There have been a number of networking systems devised with windowing capabilities. One of the most recent such systems is the X Window System developed by Schiefler and Gettys at the Massachusetts Institute of Technology as a system for sharing university computer resources. The X Window System has become quite popular because it can be utilized with different types of computers and it allows users to tailor interfaces to the particular application or network involved. The X Window System is, in many respects, like an operating system which runs on a centralized server, providing its facilities to all of the users networked to that server.
One problem with the X Window System is that it is insecure in at least two respects. There is no control over who may access the resources of the system nor over what they may do with the resources once access has been gained. The gaining of access is referred to herein as "authorization." The restricting of operations by an "authorized" user is referred to herein as "access control." Although it attempts to limit gaining access to authorized users, the X Window System does so by allowing only certain computers called hosts, the names for which are held in the server, to access that server. Any intruder who has gained access to any of these computers then has unrestricted access to the server. For example, the intruder may observe a user's key strokes, button pushes, and mouse motions; and monitor any output visible on the display. Such an intruder can disrupt the normal operation of the applications by the user in any of a number of ways, for example, by destroying the user's windows.
The X Window System was designed for use in a university environment in which the overhead of sophisticated resource protection mechanisms was considered inappropriate. However, the X Window System now finds itself used in situations where industrial and governmental espionage are serious considerations and where the pernicious snooping and interference with computer programs is well-known. This expanded use of the X Window system highlights the need of that system for arrangements to make the system more secure.